US7847959B2 - Point of sale printers providing secure network tunneling - Google Patents

Point of sale printers providing secure network tunneling Download PDF

Info

Publication number
US7847959B2
US7847959B2 US11/551,909 US55190906A US7847959B2 US 7847959 B2 US7847959 B2 US 7847959B2 US 55190906 A US55190906 A US 55190906A US 7847959 B2 US7847959 B2 US 7847959B2
Authority
US
United States
Prior art keywords
printer
data
network
network server
tunnel
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Expired - Fee Related, expires
Application number
US11/551,909
Other versions
US20080144075A1 (en
Inventor
Shannon Andrew Love
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Toshiba Global Commerce Solutions Holdings Corp
Original Assignee
International Business Machines Corp
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by International Business Machines Corp filed Critical International Business Machines Corp
Priority to US11/551,909 priority Critical patent/US7847959B2/en
Assigned to INTERNATIONAL BUSINESS MACHINES CORPORATION reassignment INTERNATIONAL BUSINESS MACHINES CORPORATION ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: LOVE, SHANNON ANDREW
Publication of US20080144075A1 publication Critical patent/US20080144075A1/en
Application granted granted Critical
Publication of US7847959B2 publication Critical patent/US7847959B2/en
Assigned to TOSHIBA GLOBAL COMMERCE SOLUTIONS HOLDINGS CORPORATION reassignment TOSHIBA GLOBAL COMMERCE SOLUTIONS HOLDINGS CORPORATION PATENT ASSIGNMENT AND RESERVATION Assignors: INTERNATIONAL BUSINESS MACHINES CORPORATION
Expired - Fee Related legal-status Critical Current
Adjusted expiration legal-status Critical

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/02Network architectures or network communication protocols for network security for separating internal from external traffic, e.g. firewalls
    • H04L63/029Firewall traversal, e.g. tunnelling or, creating pinholes
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/16Implementing security features at a particular protocol layer
    • H04L63/162Implementing security features at a particular protocol layer at the data link layer

Definitions

  • the present invention relates generally to point of sale devices. More specifically, the present invention relates generally to a processor implemented method and data processing system which enables a point of sale printer to create and use secure network tunnels.
  • Point of sale is a term that is often used in connection with hardware and software for checkout systems, such as cash registers, optical scanners, magnetic card readers, special terminals, and printers. Reading product tags, updating inventory, and checking credit are some of the operations performed at the point of sale.
  • Point of sale systems evolved from the mechanical cash registers of the first half of the 20th century.
  • Examples of this type of register include the National Cash Register (NCR) registers operated by a crank and the lever-operated Burroughs registers. These registers recorded data on journal tapes or paper tape and required an extra step to transcribe the information into the retailer's accounting system. The next step in evolution was to move to operation by electricity.
  • An example of this type of register was the National Cash Register Class 5 cash register.
  • new registers that were driven by computers were introduced, such as the International Business Machines (IBM) 3653 Store System and the National Cash Register 2150.
  • IBM International Business Machines
  • the year 1973 also brought about the introduction of the UPC/EAN barcode readers on the point of sale systems.
  • the point of sale systems became based on personal computer technology with the introduction of the International Business Machines 4683.
  • the illustrative embodiments provide for secure network tunneling between a printer and a network server.
  • the illustrative embodiments receive a request at a printer to transmit data to a network server.
  • the illustrative embodiments establish a secure network tunnel between the printer and the network server.
  • the illustrative embodiments transmit the data from the printer to the network server over the secure network tunnel. Then, the illustrative embodiments receive a server acknowledgement at the printer that the data has been received by the network server.
  • FIG. 1 depicts a pictorial representation of a network of data processing systems in which the illustrative embodiments may be implemented
  • FIG. 2 shows a block diagram of a data processing system in which the illustrative embodiments may be implemented
  • FIG. 3 is a block diagram showing an electric connection of a network printer in accordance with an illustrative embodiment
  • FIG. 4 depicts a functional block diagram of a point of sale (POS) system in accordance with an illustrative embodiment
  • FIG. 5 illustrates an exemplary operation of a transmission from a point of sale printer in accordance with an illustrative embodiment
  • FIG. 6 illustrates an exemplary operation of receiving data at a point of sale printer in accordance with an illustrative embodiment.
  • the illustrative embodiments provide for enabling a point of sale printer to create and use secure network tunnels in order to authenticate and encrypt network traffic between a point of sale system or kiosk and a network server in a manner transparent to the point of sale system.
  • exemplary diagrams of data processing environments are provided in which illustrative embodiments may be implemented. It should be appreciated that FIGS. 1-2 are only exemplary and are not intended to assert or imply any limitation with regard to the environments in which different embodiments may be implemented. Many modifications to the depicted environments may be made.
  • FIG. 1 depicts a pictorial representation of a network of data processing systems in which the illustrative embodiments may be implemented.
  • Network data processing system 100 is a network of computers in which embodiments may be implemented.
  • Network data processing system 100 contains network 102 , which is the medium used to provide communications links between various devices and computers connected together within network data processing system 100 .
  • Network 102 may include connections, such as wire, wireless communication links, or fiber optic cables.
  • server 104 and server 106 connect to network 102 along with storage unit 108 .
  • clients 110 , 112 , and 114 connect to network 102 .
  • These clients 110 , 112 , and 114 may be, for example, personal computers or network computers.
  • Clients 110 , 112 , and 114 may also be point of sale devices, such as cash registers, optical scanner, magnetic card reader, special terminals, and printers.
  • server 104 provides data, such as boot files, operating system images, and applications to clients 110 , 112 , and 114 .
  • Clients 110 , 112 , and 114 are clients to server 104 in this example.
  • Network data processing system 100 may include additional servers, clients, and other devices not shown.
  • network data processing system 100 is the Internet with network 102 representing a worldwide collection of networks and gateways that use the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols to communicate with one another.
  • TCP/IP Transmission Control Protocol/Internet Protocol
  • At the heart of the Internet is a backbone of high-speed data communication lines between major nodes or host computers, consisting of thousands of commercial, governmental, educational and other computer systems that route data and messages.
  • network data processing system 100 also may be implemented as a number of different types of networks, such as for example, an intranet, a local area network (LAN), or a wide area network (WAN).
  • FIG. 1 is intended as an example, and not as an architectural limitation for different embodiments.
  • Data processing system 200 is an example of a computer, such as server 104 or client 110 in FIG. 1 , in which computer usable code or instructions implementing the processes may be located for the illustrative embodiments.
  • data processing system 200 employs a hub architecture including a north bridge and memory controller hub (MCH) 202 and a south bridge and input/output (I/O) controller hub (ICH) 204 .
  • MCH north bridge and memory controller hub
  • I/O input/output
  • main memory 208 main memory 208
  • graphics processor 210 are coupled to north bridge and memory controller hub 202 .
  • Processing unit 206 may contain one or more processors and even may be implemented using one or more heterogeneous processor systems.
  • Graphics processor 210 may be coupled to the MCH through an accelerated graphics port (AGP), for example.
  • AGP accelerated graphics port
  • local area network (LAN) adapter 212 is coupled to south bridge and I/O controller hub 204 and audio adapter 216 , keyboard and mouse adapter 220 , modem 222 , read only memory (ROM) 224 , universal serial bus (USB) ports and other communications ports 232 , and PCI/PCIe devices 234 are coupled to south bridge and I/O controller hub 204 through bus 238 , and hard disk drive (HDD) 226 and CD-ROM drive 230 are coupled to south bridge and I/O controller hub 204 through bus 240 .
  • PCI/PCIe devices may include, for example, Ethernet adapters, add-in cards, and PC cards for notebook computers. PCI uses a card bus controller, while PCIe does not.
  • ROM 224 may be, for example, a flash binary input/output system (BIOS).
  • Hard disk drive 226 and CD-ROM drive 230 may use, for example, an integrated drive electronics (IDE) or serial advanced technology attachment (SATA) interface.
  • IDE integrated drive electronics
  • SATA serial advanced technology attachment
  • a super I/O (SIO) device 236 may be coupled to south bridge and I/O controller hub 204 .
  • An operating system runs on processing unit 206 and coordinates and provides control of various components within data processing system 200 in FIG. 2 .
  • the operating system may be a commercially available operating system such as Microsoft® Windows® XP (Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both).
  • An object oriented programming system such as the JavaTM programming system, may run in conjunction with the operating system and provides calls to the operating system from Java programs or applications executing on data processing system 200 .
  • Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
  • Instructions for the operating system, the object-oriented programming system, and applications or programs are located on storage devices, such as hard disk drive 226 , and may be loaded into main memory 208 for execution by processing unit 206 .
  • the processes of the illustrative embodiments may be performed by processing unit 206 using processor implemented instructions, which may be located in a memory such as, for example, main memory 208 , read only memory 224 , or in one or more peripheral devices.
  • FIGS. 1-2 may vary depending on the implementation.
  • Other internal hardware or peripheral devices such as flash memory, equivalent non-volatile memory, or optical disk drives and the like, may be used in addition to or in place of the hardware depicted in FIGS. 1-2 .
  • the processes of the illustrative embodiments may be applied to a multiprocessor data processing system.
  • data processing system 200 may be a personal digital assistant (PDA), which is generally configured with flash memory to provide non-volatile memory for storing operating system files and/or user-generated data.
  • PDA personal digital assistant
  • a bus system may be comprised of one or more buses, such as a system bus, an I/O bus and a PCI bus. Of course the bus system may be implemented using any type of communications fabric or architecture that provides for a transfer of data between different components or devices attached to the fabric or architecture.
  • a communications unit may include one or more devices used to transmit and receive data, such as a modem or a network adapter.
  • a memory may be, for example, main memory 208 or a cache such as found in north bridge and memory controller hub 202 .
  • a processing unit may include one or more processors or CPUs.
  • processors or CPUs may include one or more processors or CPUs.
  • FIGS. 1-2 and above-described examples are not meant to imply architectural limitations.
  • data processing system 200 also may be a tablet computer, laptop computer, point of sale device, or telephone device in addition to taking the form of a PDA.
  • FIG. 3 is a block diagram showing an electric connection of a network printer in accordance with an illustrative embodiment.
  • Network printer 302 is an example of a point of sale device. As shown in FIG. 3 , network printer 302 has processing unit 304 for carrying out various kinds of processing and integrally controlling each section, read-only memory (ROM) 306 for storing various kinds of computer programs, random-access memory (RAM) 308 as a work area for processing unit 304 , flash memories 310 as second and third memories for storing various kinds of set information, and network interface 312 for carrying out communications with network 314 connected to each other with bus 316 .
  • Network 314 is a network, such as network 102 of FIG. 1 .
  • Bus 316 is also connected to large-capacity storage 318 as a first memory like that for a hard disk drive, image buffer 320 for extending a bit image for printing, printer engine 322 for printing an image written in image buffer 320 according to an electronic photographing system or other printing system, and console panel 324 equipped with various kinds of keys for receiving various kinds of operations from users and liquid crystal display (LCD) for displaying various kinds of messages, via a predetermined interface and an I/O.
  • Network 314 may be connected with server 326 and client 328 .
  • the illustrative embodiments provide secure network tunneling for point of sale printers.
  • the illustrative embodiments combine traditional point of sale printer functions with the functions of Ethernet bridge devices. This combination provides a secure network tunnel for point of sale devices to enable over wired or wireless network connections.
  • a secure network tunnel utilizes public networks to conduct private data communications.
  • Many secure network tunnel implementations use the Internet as the public infrastructure and a variety of specialized protocols to support private communications through the Internet.
  • Tunneling is a transmission of data through a network in a manner that routing nodes in the network are unaware that the transmission is part of a private network. Tunneling is generally performed by encapsulating the private network data and protocol information within the public network protocol data so that the tunneled data is not available to anyone examining the transmitted data frames.
  • a tunnel in a secure network is a connection between nodes that communicate with each other in the secure network tunnel.
  • FIG. 4 depicts a functional block diagram of a point of sale (POS) system in accordance with an illustrative embodiment.
  • Point of sale device 402 may be client devices, such as client 110 , 112 , or 114 of FIG. 1
  • point of sale printer 404 may be a printer, such as network printer 302 of FIG. 3 .
  • Point of sale device 402 may be, for example, a cash register, kiosk, special terminal, or other computer or computing device serving the role of performing point of sale functions.
  • Point of sale device 402 may be connected to point of sale printer 404 through trusted network connection 406 , which may be a RS-232 connection, Universal Serial Bus (USB) connection, Ethernet connection, or other form of device connection.
  • trusted network connection 406 which may be a RS-232 connection, Universal Serial Bus (USB) connection, Ethernet connection, or other form of device connection.
  • Point of sale printer 404 may further be connected to network server 408 through un-trusted network connection 410 in point of sale printer 404 and un-trusted network connection 412 in network server 408 .
  • Network 414 through which point of sale printer 404 connected to network server 408 , may be either a wired or wireless network. If network 414 is a wireless network, then point of sale printer 404 may connect to network 414 via an internal 802.11 connection or other wireless connectivity technology. The 802.11 connection may be 802.11a, b, g, n, or some follow-on technology. If network 414 is a wired connection, then point of sale printer 404 may connect to network 414 through a wired connection, such as an Ethernet connection or other form of wired connection.
  • Un-trusted network connection 410 contains secure network firmware 416 that creates a secure network tunnel to network server 408 and encrypts all data that originates from point of sale printer 404 or traffic originating from trusted network connection 406 bound to network server 408 .
  • Network server 408 has secure network tunneling software 418 that is able to decrypt data sent from point of sale printer 404 .
  • Some exemplary secure network tunneling protocol that may be implemented in secure network tunneling software 418 is a virtual private network (VPN) tunneling protocol, point-to-point tunneling protocol (PPTP), Internet Protocol Security (IPSec), or layer two tunneling protocol (L2TP).
  • VPN virtual private network
  • PPTP point-to-point tunneling protocol
  • IPSec Internet Protocol Security
  • L2TP layer two tunneling protocol
  • network server 408 may create a secure network tunnel to point of sale printer 404 , and data sent from network server 408 is encrypted by secure network tunneling software 418 and decrypted by secure network firmware 416 . If network 414 were maliciously accessed, data sent to point of sale printer 404 would be ignored by secure network firmware 416 . If secure network firmware 416 detects malicious access, secure network firmware 416 sends an error or notification to network server 408 that a malicious access was attempted. All of the secure network tunneling and encryption/decryption is hidden from devices connected to trusted network connection 406 , such as point of sale device 402 .
  • FIG. 5 illustrates an exemplary operation of a transmission from a point of sale printer in accordance with an illustrative embodiment.
  • the point of sale printer receives a request from another point of sale device (step 502 ).
  • the request includes data that is to be sent to the network server and is received in a trusted network connection, such as trusted network connection 406 of FIG. 4 .
  • the point of sale printer establishes a secure network tunnel to the network server using secure network firmware, such as secure network firmware 416 of FIG. 4 (step 504 ).
  • the point of sale printer uses the secure network firmware, encrypts the data included in the connection request and sends the encrypted data to the network server using an un-trusted network connection, such as un-trusted network connection 410 of FIG. 4 (step 506 ).
  • the point of sale printer confirms that the data is sent correctly by receiving an acknowledgement of data receipt from the network server (step 508 ).
  • a determination is made as to whether an acknowledgement has been received from the network server (step 510 ). If at step 510 any response other than an acknowledgement is received, the operation returns to step 506 . If at step 510 an acknowledgement is received, the point of sale printer drops the secure network tunnel to the server (step 512 ). Then the point of sale printer acknowledges data being sent to the point of sale device that initiated the request (step 514 ), with the operation terminating thereafter.
  • FIG. 6 illustrates an exemplary operation of a receiving data at a point of sale printer in accordance with an illustrative embodiment.
  • a secure network tunnel request is received at an un-trusted network connection, such as un-trusted network connection 410 of FIG. 4 (step 602 ).
  • Secure network firmware in the un-trusted network connection determines whether inbound network traffic is an authentic connection from the unsecured network connection based on the tunneling method chosen for the implementation—L2TP, IPSec, PPTP, etc. (step 604 ). If the secure network tunnel request is not from an authorized network server, the point of sale printer ignores the tunnel request and sends an error to the network server indicating that a malicious access has been attempted (step 606 ) with the operation ending thereafter. If at step 604 the secure network tunnel request is from an authorized network server, the point of sale printer establishes a secure network tunnel to the network server (step 608 ). The point of sale printer receives data from the network server over the secure network tunnel (step 610 ).
  • the point of sale printer determines if the received data is encrypted using secure network firmware (step 612 ). If the data is not encrypted, the point of sale printer ignores the tunnel request and sends an error to the network server indicating that a malicious access has been attempted (step 606 ) with the operation terminating thereafter. If at step 612 the data is encrypted, the data is decrypted and sent to the point of sale device using a trusted network connection, such as trusted network connection 406 of FIG. 4 (step 614 ). Next, point of sale printer waits for the point of sale device to determine if the received data is correct (step 616 ).
  • step 616 If at step 616 the point of sale device indicates that the data has been received incorrectly, the point of sale printer sends a request to the network server to resend data (step 618 ) with the operation retuning to step 610 . If at step 616 the point of sale device indicates that the data has been received correctly, the point of sale printer sends an acknowledgement to the network server (step 620 ). Then the point of sale printer drops the secure network tunnel to the network server (step 622 ), with the operation terminating thereafter. All of the secure network tunneling and encryption/decryption is transparent to the point of sale device.
  • the illustrative embodiments provide for secure network tunneling between a printer and a network server.
  • a printer receives a request to transmit data to a network server.
  • a secure network tunnel is established between the printer and the network server.
  • the data is transmitted from the printer to the network server over the secure network tunnel.
  • a printer receives a server acknowledgement that the data has been received by the network server.
  • the invention can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements.
  • the invention is implemented in software, which includes but is not limited to firmware, resident software, microcode, etc.
  • This invention applies to any device which contains one or more printing components, including but not limited to thermal, laser, ink, or impact type, which is typically used to produce receipts for transactions, and which may act as a gateway for a virtual private network tunnel for other devices.
  • printing components including but not limited to thermal, laser, ink, or impact type, which is typically used to produce receipts for transactions, and which may act as a gateway for a virtual private network tunnel for other devices.
  • a data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus.
  • the memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
  • I/O devices including but not limited to surface mounted control buttons and LCD displays
  • I/O controllers can be coupled to the device either directly or through intervening I/O controllers.
  • Network adapters may be embedded in the device, or may be available as a separate component which connects to the device using a proprietary or common coupling mechanism such as that used by a PCMCIA card.
  • Network adapters includes both wired network adapters and wireless network adapters.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Accessory Devices And Overall Control Thereof (AREA)

Abstract

A processor implemented method and data processing system are provided for providing secure network tunneling. A request is received at a printer to transmit data to a network server. A secure network tunnel is established between the printer and the network server. The data is transmitted from the printer to the network server over the secure network tunnel. A server acknowledgement is received at the printer that the data has been received by the network server.

Description

BACKGROUND OF THE INVENTION
1. Field of the Invention
The present invention relates generally to point of sale devices. More specifically, the present invention relates generally to a processor implemented method and data processing system which enables a point of sale printer to create and use secure network tunnels.
2. Description of the Related Art
Point of sale (POS) is a term that is often used in connection with hardware and software for checkout systems, such as cash registers, optical scanners, magnetic card readers, special terminals, and printers. Reading product tags, updating inventory, and checking credit are some of the operations performed at the point of sale.
Point of sale systems evolved from the mechanical cash registers of the first half of the 20th century. Examples of this type of register include the National Cash Register (NCR) registers operated by a crank and the lever-operated Burroughs registers. These registers recorded data on journal tapes or paper tape and required an extra step to transcribe the information into the retailer's accounting system. The next step in evolution was to move to operation by electricity. An example of this type of register was the National Cash Register Class 5 cash register. In 1973, new registers that were driven by computers were introduced, such as the International Business Machines (IBM) 3653 Store System and the National Cash Register 2150. The year 1973 also brought about the introduction of the UPC/EAN barcode readers on the point of sale systems. In 1986, the point of sale systems became based on personal computer technology with the introduction of the International Business Machines 4683.
During the late 1980s and throughout the 1990s, stand-alone credit card devices were developed so credit card processing could be more easily and securely added. These relatively simple devices have evolved in recent years to allow multiple applications, such as a credit card, gift card, age verification, and employee time clock to reside on one device. As of 2005, retail point of sale systems were among the most sophisticated and powerful computer networks in commercial use. However, point of sale networks are frequently vulnerable to malicious attempts to spy for private consumer data such as a credit card, social security, or bank account numbers.
BRIEF SUMMARY OF THE INVENTION
The illustrative embodiments provide for secure network tunneling between a printer and a network server. The illustrative embodiments receive a request at a printer to transmit data to a network server. The illustrative embodiments establish a secure network tunnel between the printer and the network server. The illustrative embodiments transmit the data from the printer to the network server over the secure network tunnel. Then, the illustrative embodiments receive a server acknowledgement at the printer that the data has been received by the network server.
BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWINGS
The novel features believed characteristic of the invention are set forth in the appended claims. The invention itself, however, as well as a preferred mode of use, further objectives and advantages thereof, will best be understood by reference to the following detailed description of an illustrative embodiment when read in conjunction with the accompanying drawings, wherein:
FIG. 1 depicts a pictorial representation of a network of data processing systems in which the illustrative embodiments may be implemented;
FIG. 2 shows a block diagram of a data processing system in which the illustrative embodiments may be implemented;
FIG. 3 is a block diagram showing an electric connection of a network printer in accordance with an illustrative embodiment;
FIG. 4 depicts a functional block diagram of a point of sale (POS) system in accordance with an illustrative embodiment;
FIG. 5 illustrates an exemplary operation of a transmission from a point of sale printer in accordance with an illustrative embodiment; and
FIG. 6 illustrates an exemplary operation of receiving data at a point of sale printer in accordance with an illustrative embodiment.
 DETAILED DESCRIPTION OF THE INVENTION
The illustrative embodiments provide for enabling a point of sale printer to create and use secure network tunnels in order to authenticate and encrypt network traffic between a point of sale system or kiosk and a network server in a manner transparent to the point of sale system. With reference now to the figures and in particular with reference to FIGS. 1-2, exemplary diagrams of data processing environments are provided in which illustrative embodiments may be implemented. It should be appreciated that FIGS. 1-2 are only exemplary and are not intended to assert or imply any limitation with regard to the environments in which different embodiments may be implemented. Many modifications to the depicted environments may be made.
With reference now to the figures, FIG. 1 depicts a pictorial representation of a network of data processing systems in which the illustrative embodiments may be implemented. Network data processing system 100 is a network of computers in which embodiments may be implemented. Network data processing system 100 contains network 102, which is the medium used to provide communications links between various devices and computers connected together within network data processing system 100. Network 102 may include connections, such as wire, wireless communication links, or fiber optic cables.
In the depicted example, server 104 and server 106 connect to network 102 along with storage unit 108. In addition, clients 110, 112, and 114 connect to network 102. These clients 110, 112, and 114 may be, for example, personal computers or network computers. Clients 110, 112, and 114 may also be point of sale devices, such as cash registers, optical scanner, magnetic card reader, special terminals, and printers. In the depicted example, server 104 provides data, such as boot files, operating system images, and applications to clients 110, 112, and 114. Clients 110, 112, and 114 are clients to server 104 in this example. Network data processing system 100 may include additional servers, clients, and other devices not shown.
In the depicted example, network data processing system 100 is the Internet with network 102 representing a worldwide collection of networks and gateways that use the Transmission Control Protocol/Internet Protocol (TCP/IP) suite of protocols to communicate with one another. At the heart of the Internet is a backbone of high-speed data communication lines between major nodes or host computers, consisting of thousands of commercial, governmental, educational and other computer systems that route data and messages. Of course, network data processing system 100 also may be implemented as a number of different types of networks, such as for example, an intranet, a local area network (LAN), or a wide area network (WAN). FIG. 1 is intended as an example, and not as an architectural limitation for different embodiments.
With reference now to FIG. 2, a block diagram of a data processing system is shown in which the illustrative embodiments may be implemented. Data processing system 200 is an example of a computer, such as server 104 or client 110 in FIG. 1, in which computer usable code or instructions implementing the processes may be located for the illustrative embodiments.
In the depicted example, data processing system 200 employs a hub architecture including a north bridge and memory controller hub (MCH) 202 and a south bridge and input/output (I/O) controller hub (ICH) 204. Processing unit 206, main memory 208, and graphics processor 210 are coupled to north bridge and memory controller hub 202. Processing unit 206 may contain one or more processors and even may be implemented using one or more heterogeneous processor systems. Graphics processor 210 may be coupled to the MCH through an accelerated graphics port (AGP), for example.
In the depicted example, local area network (LAN) adapter 212 is coupled to south bridge and I/O controller hub 204 and audio adapter 216, keyboard and mouse adapter 220, modem 222, read only memory (ROM) 224, universal serial bus (USB) ports and other communications ports 232, and PCI/PCIe devices 234 are coupled to south bridge and I/O controller hub 204 through bus 238, and hard disk drive (HDD) 226 and CD-ROM drive 230 are coupled to south bridge and I/O controller hub 204 through bus 240. PCI/PCIe devices may include, for example, Ethernet adapters, add-in cards, and PC cards for notebook computers. PCI uses a card bus controller, while PCIe does not. ROM 224 may be, for example, a flash binary input/output system (BIOS). Hard disk drive 226 and CD-ROM drive 230 may use, for example, an integrated drive electronics (IDE) or serial advanced technology attachment (SATA) interface. A super I/O (SIO) device 236 may be coupled to south bridge and I/O controller hub 204.
An operating system runs on processing unit 206 and coordinates and provides control of various components within data processing system 200 in FIG. 2. The operating system may be a commercially available operating system such as Microsoft® Windows® XP (Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both). An object oriented programming system, such as the Java™ programming system, may run in conjunction with the operating system and provides calls to the operating system from Java programs or applications executing on data processing system 200. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Instructions for the operating system, the object-oriented programming system, and applications or programs are located on storage devices, such as hard disk drive 226, and may be loaded into main memory 208 for execution by processing unit 206. The processes of the illustrative embodiments may be performed by processing unit 206 using processor implemented instructions, which may be located in a memory such as, for example, main memory 208, read only memory 224, or in one or more peripheral devices.
The hardware in FIGS. 1-2 may vary depending on the implementation. Other internal hardware or peripheral devices, such as flash memory, equivalent non-volatile memory, or optical disk drives and the like, may be used in addition to or in place of the hardware depicted in FIGS. 1-2. Also, the processes of the illustrative embodiments may be applied to a multiprocessor data processing system.
In some illustrative examples, data processing system 200 may be a personal digital assistant (PDA), which is generally configured with flash memory to provide non-volatile memory for storing operating system files and/or user-generated data. A bus system may be comprised of one or more buses, such as a system bus, an I/O bus and a PCI bus. Of course the bus system may be implemented using any type of communications fabric or architecture that provides for a transfer of data between different components or devices attached to the fabric or architecture. A communications unit may include one or more devices used to transmit and receive data, such as a modem or a network adapter. A memory may be, for example, main memory 208 or a cache such as found in north bridge and memory controller hub 202. A processing unit may include one or more processors or CPUs. The depicted examples in FIGS. 1-2 and above-described examples are not meant to imply architectural limitations. For example, data processing system 200 also may be a tablet computer, laptop computer, point of sale device, or telephone device in addition to taking the form of a PDA.
FIG. 3 is a block diagram showing an electric connection of a network printer in accordance with an illustrative embodiment. Network printer 302 is an example of a point of sale device. As shown in FIG. 3, network printer 302 has processing unit 304 for carrying out various kinds of processing and integrally controlling each section, read-only memory (ROM) 306 for storing various kinds of computer programs, random-access memory (RAM) 308 as a work area for processing unit 304, flash memories 310 as second and third memories for storing various kinds of set information, and network interface 312 for carrying out communications with network 314 connected to each other with bus 316. Network 314 is a network, such as network 102 of FIG. 1.
Bus 316 is also connected to large-capacity storage 318 as a first memory like that for a hard disk drive, image buffer 320 for extending a bit image for printing, printer engine 322 for printing an image written in image buffer 320 according to an electronic photographing system or other printing system, and console panel 324 equipped with various kinds of keys for receiving various kinds of operations from users and liquid crystal display (LCD) for displaying various kinds of messages, via a predetermined interface and an I/O. Network 314 may be connected with server 326 and client 328.
The illustrative embodiments provide secure network tunneling for point of sale printers. The illustrative embodiments combine traditional point of sale printer functions with the functions of Ethernet bridge devices. This combination provides a secure network tunnel for point of sale devices to enable over wired or wireless network connections. A secure network tunnel utilizes public networks to conduct private data communications. Many secure network tunnel implementations use the Internet as the public infrastructure and a variety of specialized protocols to support private communications through the Internet. Tunneling is a transmission of data through a network in a manner that routing nodes in the network are unaware that the transmission is part of a private network. Tunneling is generally performed by encapsulating the private network data and protocol information within the public network protocol data so that the tunneled data is not available to anyone examining the transmitted data frames. A tunnel in a secure network is a connection between nodes that communicate with each other in the secure network tunnel.
FIG. 4 depicts a functional block diagram of a point of sale (POS) system in accordance with an illustrative embodiment. Point of sale device 402 may be client devices, such as client 110, 112, or 114 of FIG. 1, and point of sale printer 404 may be a printer, such as network printer 302 of FIG. 3. Point of sale device 402 may be, for example, a cash register, kiosk, special terminal, or other computer or computing device serving the role of performing point of sale functions. Point of sale device 402 may be connected to point of sale printer 404 through trusted network connection 406, which may be a RS-232 connection, Universal Serial Bus (USB) connection, Ethernet connection, or other form of device connection. Point of sale printer 404 may further be connected to network server 408 through un-trusted network connection 410 in point of sale printer 404 and un-trusted network connection 412 in network server 408. Network 414, through which point of sale printer 404 connected to network server 408, may be either a wired or wireless network. If network 414 is a wireless network, then point of sale printer 404 may connect to network 414 via an internal 802.11 connection or other wireless connectivity technology. The 802.11 connection may be 802.11a, b, g, n, or some follow-on technology. If network 414 is a wired connection, then point of sale printer 404 may connect to network 414 through a wired connection, such as an Ethernet connection or other form of wired connection.
Un-trusted network connection 410 contains secure network firmware 416 that creates a secure network tunnel to network server 408 and encrypts all data that originates from point of sale printer 404 or traffic originating from trusted network connection 406 bound to network server 408. Network server 408 has secure network tunneling software 418 that is able to decrypt data sent from point of sale printer 404. Some exemplary secure network tunneling protocol that may be implemented in secure network tunneling software 418 is a virtual private network (VPN) tunneling protocol, point-to-point tunneling protocol (PPTP), Internet Protocol Security (IPSec), or layer two tunneling protocol (L2TP). Likewise, network server 408 may create a secure network tunnel to point of sale printer 404, and data sent from network server 408 is encrypted by secure network tunneling software 418 and decrypted by secure network firmware 416. If network 414 were maliciously accessed, data sent to point of sale printer 404 would be ignored by secure network firmware 416. If secure network firmware 416 detects malicious access, secure network firmware 416 sends an error or notification to network server 408 that a malicious access was attempted. All of the secure network tunneling and encryption/decryption is hidden from devices connected to trusted network connection 406, such as point of sale device 402.
FIG. 5 illustrates an exemplary operation of a transmission from a point of sale printer in accordance with an illustrative embodiment. As the operation begins, the point of sale printer receives a request from another point of sale device (step 502). The request includes data that is to be sent to the network server and is received in a trusted network connection, such as trusted network connection 406 of FIG. 4. The point of sale printer establishes a secure network tunnel to the network server using secure network firmware, such as secure network firmware 416 of FIG. 4 (step 504). Once the connection is established, the point of sale printer, using the secure network firmware, encrypts the data included in the connection request and sends the encrypted data to the network server using an un-trusted network connection, such as un-trusted network connection 410 of FIG. 4 (step 506). The point of sale printer confirms that the data is sent correctly by receiving an acknowledgement of data receipt from the network server (step 508). Next, a determination is made as to whether an acknowledgement has been received from the network server (step 510). If at step 510 any response other than an acknowledgement is received, the operation returns to step 506. If at step 510 an acknowledgement is received, the point of sale printer drops the secure network tunnel to the server (step 512). Then the point of sale printer acknowledges data being sent to the point of sale device that initiated the request (step 514), with the operation terminating thereafter.
FIG. 6 illustrates an exemplary operation of a receiving data at a point of sale printer in accordance with an illustrative embodiment. As the operation begins, a secure network tunnel request is received at an un-trusted network connection, such as un-trusted network connection 410 of FIG. 4 (step 602). Secure network firmware in the un-trusted network connection determines whether inbound network traffic is an authentic connection from the unsecured network connection based on the tunneling method chosen for the implementation—L2TP, IPSec, PPTP, etc. (step 604). If the secure network tunnel request is not from an authorized network server, the point of sale printer ignores the tunnel request and sends an error to the network server indicating that a malicious access has been attempted (step 606) with the operation ending thereafter. If at step 604 the secure network tunnel request is from an authorized network server, the point of sale printer establishes a secure network tunnel to the network server (step 608). The point of sale printer receives data from the network server over the secure network tunnel (step 610).
Then, the point of sale printer determines if the received data is encrypted using secure network firmware (step 612). If the data is not encrypted, the point of sale printer ignores the tunnel request and sends an error to the network server indicating that a malicious access has been attempted (step 606) with the operation terminating thereafter. If at step 612 the data is encrypted, the data is decrypted and sent to the point of sale device using a trusted network connection, such as trusted network connection 406 of FIG. 4 (step 614). Next, point of sale printer waits for the point of sale device to determine if the received data is correct (step 616). If at step 616 the point of sale device indicates that the data has been received incorrectly, the point of sale printer sends a request to the network server to resend data (step 618) with the operation retuning to step 610. If at step 616 the point of sale device indicates that the data has been received correctly, the point of sale printer sends an acknowledgement to the network server (step 620). Then the point of sale printer drops the secure network tunnel to the network server (step 622), with the operation terminating thereafter. All of the secure network tunneling and encryption/decryption is transparent to the point of sale device.
Thus, the illustrative embodiments provide for secure network tunneling between a printer and a network server. A printer receives a request to transmit data to a network server. A secure network tunnel is established between the printer and the network server. The data is transmitted from the printer to the network server over the secure network tunnel. A printer receives a server acknowledgement that the data has been received by the network server.
The invention can take the form of an entirely hardware embodiment, an entirely software embodiment or an embodiment containing both hardware and software elements. In a preferred embodiment, the invention is implemented in software, which includes but is not limited to firmware, resident software, microcode, etc.
This invention applies to any device which contains one or more printing components, including but not limited to thermal, laser, ink, or impact type, which is typically used to produce receipts for transactions, and which may act as a gateway for a virtual private network tunnel for other devices.
A data processing system suitable for storing and/or executing program code will include at least one processor coupled directly or indirectly to memory elements through a system bus. The memory elements can include local memory employed during actual execution of the program code, bulk storage, and cache memories which provide temporary storage of at least some program code in order to reduce the number of times code must be retrieved from bulk storage during execution.
Input/output or I/O devices (including but not limited to surface mounted control buttons and LCD displays) can be coupled to the device either directly or through intervening I/O controllers.
Network adapters may be embedded in the device, or may be available as a separate component which connects to the device using a proprietary or common coupling mechanism such as that used by a PCMCIA card. Network adapters includes both wired network adapters and wireless network adapters.
The description of the present invention has been presented for purposes of illustration and description, and is not intended to be exhaustive or limited to the invention in the form disclosed. Many modifications and variations will be apparent to those of ordinary skill in the art. The embodiment was chosen and described in order to best explain the principles of the invention, the practical application, and to enable others of ordinary skill in the art to understand the invention for various embodiments with various modifications as are suited to the particular use contemplated.

Claims (10)

1. A processor implemented method for providing secure network tunneling, the processor implemented method comprising:
receiving, at a printer, a request to transmit data to a network server;
establishing a secure network tunnel between the printer and the network server;
transmitting the data from the printer to the network server over the secure network tunnel; and
receiving, at the printer, a server acknowledgement that the data has been received by the network server;
receiving, at the printer, a secure network tunnel request;
determining if the secure network tunnel request is from an authorized network server;
responsive to the secure network tunnel request origination from an unauthorized network server, ignoring the secure network tunnel request; and sending a first error from the printer to the authorized network server;
responsive to the secure network tunnel request origination from the authorized network server, establishing, by the printer, the secure network tunnel to the authorized network server; and
receiving, by the printer, the data over the secure network tunnel from the authorized network server; and
determining, by the printer, if the data is encrypted data;
responsive to the data being unencrypted data, ignoring the unencrypted data; and
sending a second error from the printer to the authorized network server;
responsive to the encrypted data being received, decrypting the encrypted data; and
sending the decrypted data from the printer to a device; and
receiving, at the printer, a device acknowledgement that the data has been received by the device; and
sending the device acknowledgement from the printer to the authorized network server that the data has been received.
2. The processor implemented method of claim 1, further comprising:
encrypting the data prior to transmitting the data from the printer over the secure network tunnel to the network server.
3. The processor implemented method of claim 1, wherein the request is received from a point of sale device in communication with the printer and wherein the secure network tunnel is transparent to the point of sale device.
4. The processor implemented method of claim 1, wherein the printer is a point of sale printer.
5. The processor implemented method of claim 1, wherein the secure network tunnel is at least one of a virtual private network tunnel, a point-to-point tunnel, or a layer two tunnel.
6. A data processing system in a printer comprising:
a bus system;
a communications system connected to the bus system;
a memory connected to the bus system, wherein the memory includes a set of instructions; and
a processing unit connected to the bus system, wherein the processing unit executes the set of instructions to receive, at the printer, a request to transmit data to a network server;
establish a secure network tunnel between the printer and the network server; transmit the data from the printer to the network server over the secure network tunnel; and receive, at the printer, a server acknowledgement that the data has been received by the network server;
receive, at the printer, a secure network tunnel request; determine if the secure network tunnel request is from an authorized network server;
responsive to the secure network tunnel request originating from an unauthorized network server, ignore the secure network tunnel request; and send a first error from the printer to the authorized network server;
responsive to the secure network tunnel request origination from the authorized network server, establish, by the printer, the secure network tunnel to the authorized network server; and
receive, by the printer, the data over the secure network tunnel from the authorized network server; determine, by the printer, if the data is encrypted data;
responsive to the data being unencrypted data, ignore the unencrypted data; and send a second error from the printer to the authorized network server;
responsive to the encrypted data being received, decrypt the encrypted data; and send the decrypted data from the printer to a device; and
receive, at the printer, a device acknowledgement that the data has been received by the device; and send the device acknowledgement from the printer to the authorized network server that the data has been received.
7. The data processing system of claim 6, wherein the processing unit executes the set of instructions to encrypt the data prior to transmitting the data from the printer over the secure network tunnel to the network server.
8. The data processing system of claim 6, wherein the request is received from a point of sale device in communication with the printer and wherein the secure network tunnel is transparent to the point of sale device.
9. The data processing system of claim 6, wherein the printer is a point of sale printer.
10. The data processing system of claim 6, wherein the secure network tunnel is at least one of a virtual private network tunnel, a point-to-point tunnel, or a layer two tunnel.
US11/551,909 2006-10-23 2006-10-23 Point of sale printers providing secure network tunneling Expired - Fee Related US7847959B2 (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
US11/551,909 US7847959B2 (en) 2006-10-23 2006-10-23 Point of sale printers providing secure network tunneling

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US11/551,909 US7847959B2 (en) 2006-10-23 2006-10-23 Point of sale printers providing secure network tunneling

Publications (2)

Publication Number Publication Date
US20080144075A1 US20080144075A1 (en) 2008-06-19
US7847959B2 true US7847959B2 (en) 2010-12-07

Family

ID=39526780

Family Applications (1)

Application Number Title Priority Date Filing Date
US11/551,909 Expired - Fee Related US7847959B2 (en) 2006-10-23 2006-10-23 Point of sale printers providing secure network tunneling

Country Status (1)

Country Link
US (1) US7847959B2 (en)

Cited By (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120110320A1 (en) * 2010-10-29 2012-05-03 Kumar Chetan R Automatic Secure Client Access
US20160283928A1 (en) * 2015-03-25 2016-09-29 Intel Corporation Secure transactions with connected peripherals

Families Citing this family (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US8819499B2 (en) * 2011-06-09 2014-08-26 At&T Mobility Ii Llc Sending network reject/error codes from a terminal adaptor to terminal equipment through an at command interface
WO2013147863A1 (en) * 2012-03-30 2013-10-03 Intel Corporation Techniques for enhanced holographic cooking
EP3330913B1 (en) * 2016-11-30 2021-05-05 Wincor Nixdorf International GmbH Method and device for controlling the access to and configuration of point of sale peripherals
CN114338939A (en) * 2021-12-21 2022-04-12 广东纬德信息科技股份有限公司 Safe printing and scanning system

Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6314476B1 (en) * 1998-02-26 2001-11-06 Brother Kogyo Kabushiki Kaisha Network adapter enabling bidirectional monitoring of a terminal device between a computer and a managing device
US20040227971A1 (en) * 2003-05-12 2004-11-18 James Clough Systems and methods for accessing a printing service
US20050223228A1 (en) * 2004-03-31 2005-10-06 Canon Kabushiki Kaisha Providing apparatus, providing method, communication device, communication method, and program
US20050261970A1 (en) * 2004-05-21 2005-11-24 Wayport, Inc. Method for providing wireless services
US20060072144A1 (en) * 2004-09-01 2006-04-06 Dowling Eric M Network scanner for global document creation, transmission and management
US7486695B1 (en) * 2003-12-22 2009-02-03 Sun Microsystems, Inc. Method and apparatus for data communication tunneling channels
US7574737B1 (en) * 2002-05-31 2009-08-11 Novatel Wireless, Inc. Systems and methods for secure communication over a wireless network

Patent Citations (7)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US6314476B1 (en) * 1998-02-26 2001-11-06 Brother Kogyo Kabushiki Kaisha Network adapter enabling bidirectional monitoring of a terminal device between a computer and a managing device
US7574737B1 (en) * 2002-05-31 2009-08-11 Novatel Wireless, Inc. Systems and methods for secure communication over a wireless network
US20040227971A1 (en) * 2003-05-12 2004-11-18 James Clough Systems and methods for accessing a printing service
US7486695B1 (en) * 2003-12-22 2009-02-03 Sun Microsystems, Inc. Method and apparatus for data communication tunneling channels
US20050223228A1 (en) * 2004-03-31 2005-10-06 Canon Kabushiki Kaisha Providing apparatus, providing method, communication device, communication method, and program
US20050261970A1 (en) * 2004-05-21 2005-11-24 Wayport, Inc. Method for providing wireless services
US20060072144A1 (en) * 2004-09-01 2006-04-06 Dowling Eric M Network scanner for global document creation, transmission and management

Cited By (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20120110320A1 (en) * 2010-10-29 2012-05-03 Kumar Chetan R Automatic Secure Client Access
US8560833B2 (en) * 2010-10-29 2013-10-15 Aruba Networks, Inc. Automatic secure client access
US20160283928A1 (en) * 2015-03-25 2016-09-29 Intel Corporation Secure transactions with connected peripherals
US10496974B2 (en) * 2015-03-25 2019-12-03 Intel Corporation Secure transactions with connected peripherals

Also Published As

Publication number Publication date
US20080144075A1 (en) 2008-06-19

Similar Documents

Publication Publication Date Title
JP5055375B2 (en) Payment data protection
US20190087803A1 (en) Cloud-based transaction processing
US8190885B2 (en) Non-volatile memory sub-system integrated with security for storing near field transactions
US20050138389A1 (en) System and method for making password token portable in trusted platform module (TPM)
US7847959B2 (en) Point of sale printers providing secure network tunneling
US7861015B2 (en) USB apparatus and control method therein
US8156331B2 (en) Information transfer
US20070124536A1 (en) Token device providing a secure work environment and utilizing a virtual interface
US20070198825A1 (en) Internet secure terminal for personal computers
US20070101401A1 (en) Method and apparatus for super secure network authentication
WO2009066217A2 (en) Performing secure electronic transactions
US8466775B2 (en) Electronic label authenticating method and system
US20130121490A1 (en) Method and apparatus for trust based data scanning, capture, and transfer
WO2010091184A1 (en) Enabling payment using paperless image of a check
US20110113477A1 (en) Information processing apparatus, information providing server, program, communication system, and login information providing server
KR101449644B1 (en) POS System and Method for Payment using Encrypted Card Information
US11204902B2 (en) Method for archiving user data
CN107209840B (en) Secure transactions with connected peripherals
KR101401675B1 (en) System and method for providing public key for encrypting card information
KR20140137223A (en) System and Method for Payment using Encrypted Card Information
EP1834276A2 (en) System and method for securing the intialization of a smartcard controller
US20070226484A1 (en) Apparatus and method for managing and protecting information during use of semi-trusted interfaces
CN111914268A (en) Encryption device, control method thereof, and computer-readable storage medium
KR100341419B1 (en) A method for controlling standard SSL security on the internet browser
TWM601410U (en) System for completing account application by scanning code to verify identity

Legal Events

Date Code Title Description
AS Assignment

Owner name: INTERNATIONAL BUSINESS MACHINES CORPORATION, NEW Y

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNOR:LOVE, SHANNON ANDREW;REEL/FRAME:018424/0166

Effective date: 20061019

AS Assignment

Owner name: TOSHIBA GLOBAL COMMERCE SOLUTIONS HOLDINGS CORPORA

Free format text: PATENT ASSIGNMENT AND RESERVATION;ASSIGNOR:INTERNATIONAL BUSINESS MACHINES CORPORATION;REEL/FRAME:028895/0935

Effective date: 20120731

FPAY Fee payment

Year of fee payment: 4

FEPP Fee payment procedure

Free format text: PAYOR NUMBER ASSIGNED (ORIGINAL EVENT CODE: ASPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

Free format text: PAYER NUMBER DE-ASSIGNED (ORIGINAL EVENT CODE: RMPN); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

FEPP Fee payment procedure

Free format text: MAINTENANCE FEE REMINDER MAILED (ORIGINAL EVENT CODE: REM.)

LAPS Lapse for failure to pay maintenance fees

Free format text: PATENT EXPIRED FOR FAILURE TO PAY MAINTENANCE FEES (ORIGINAL EVENT CODE: EXP.); ENTITY STATUS OF PATENT OWNER: LARGE ENTITY

STCH Information on status: patent discontinuation

Free format text: PATENT EXPIRED DUE TO NONPAYMENT OF MAINTENANCE FEES UNDER 37 CFR 1.362

FP Lapsed due to failure to pay maintenance fee

Effective date: 20181207